3-prong security/reliability/real-time distributed architecture of information handling system

ABSTRACT

The present invention is directed to a distributed architecture of an information handling system, including a buried nucleus inaccessible for inspection without heroic means while the buried nucleus is in operation, and a trusted authority for generating a secure protocol. The secure protocol controls the operation of the buried nucleus.

FIELD OF THE INVENTION

This invention relates generally to an information handling system, and particularly to a 3-prong security/reliability/real-time distributed architecture for an information handling system.

BACKGROUND OF THE INVENTION

There are three well known fundamental problems in an information handling system: security, reliability, and real-time behavior. Security refers to a system's ability to prevent unauthorized agents from performing actions while permitting authorized agents to perform actions. Security is related to data protection and privacy, and especially related to digital rights management (DRM). Reliability refers to a system's robustness in handling information. Real-time behavior refers to a system's ability to update information as the information is received, enabling the system to direct or control processes. It is understood that an information handling system here is defined as a group of related components that interact to process information. An information handling system may be hardware only, software only, or a combination of hardware and software.

Traditional solutions to the foregoing three problems have emphasized solving each problem separately. However, this approach is sub-optimal from both an architectural and an economic point of view, as it fails to exploit the synergies of interdependence that an architecture may provide.

A legacy architecture of an information handling system, that is, a traditional microprocessor and operating system structure (e.g., UNIX or Microsoft Windows running on an Intel processor), is inherently insecure and is also not scalable. Therefore, a legacy architecture applies very poorly to a distributed environment scaled both in the number of supported devices and in behavior or performance.

Thus, it would be desirable to provide an architecture for an information handling system which simultaneously addresses the security, reliability, and real-time behavior problems inherent in the known art, while also solving the scalability and security problems of legacy architectures.

SUMMARY OF THE INVENTION

Accordingly, the present invention is directed to a distributed architecture of an information handling system which addresses security, reliability, and real-time behavior problems. In one aspect of the present invention, a 3-prong security/reliability/real-time distributed architecture in accordance with the present invention may have one or more of the following features: (1) system solutions; (2) characterizability; (3) architectural independence of implementation means; (4) interdependence of functions; (5) security characterization; (6) quasi-stability; (7) buried nucleus; (8) adaptation; (9) reliability; (10) secure protocol; (11) ability to rebuild after intrusion; and (12) isochronous real-time foundation.

In an additional aspect of the present invention, a distributed architecture of an information handling system includes a buried nucleus inaccessible for inspection without heroic means while the buried nucleus is in operation, and a trusted authority for generating a secure protocol. The secure protocol may control the operation of the buried nucleus.

In another aspect of the present invention, a distributed architecture of an information handling system includes a hardware/software system, and a trusted authority for generating a secure protocol. The secure protocol may control the operation of the hardware/software system. Preferably, the hardware/software system includes a microchip which includes a buried nucleus and an outer region having I/O pins. The hardware/software system may further include external software connected to the I/O pins for controlling the I/O pins. The buried nucleus may also be equipped to accept and decipher an encrypted key delivered through a secure protocol. An operating buried nucleus may not be accessible for inspection without heroic means.

In a further aspect of the present invention, a method for protecting encrypted information on a network from, for example, a grid dribble attack, includes the following steps: (1) setting a buried nucleus in a quasi-stable mode of operation; (2) stopping clocking when the buried nucleus deviates from the quasi-stable mode; (3) rebuilding a secure environment within the buried nucleus after an intrusion is detected; and (4) stopping clocking when replication of the re-buildup by an attacker is detected.

It should be understood that the foregoing general description and the following detailed description are exemplary and explanatory only and are not restrictive of the invention as claimed. The accompanying drawings, which are incorporated in and constitute a part of the specification, illustrate an embodiment of the invention and, together with the general description, serve to explain the principles of the invention.

BRIEF DESCRIPTION OF THE DRAWINGS

The numerous advantages of the present invention may be better understood by those skilled in the art by reference to the accompanying figures, in which:

FIG. 1 is a schematic diagram illustrating a three-dimensional cost/threat/risk space;

FIG. 2 is a simplified block diagram of an exemplary hardware/software instantiation of a 3-prong security/reliability/real-time distributed architecture in accordance with the present invention;

FIG. 3 shows a derivative approach (grid dribble attack) to violating copyright on a digital medium; and

FIG. 4 is a flowchart illustrating an exemplary process for protecting against a grid dribble attack in accordance with an exemplary embodiment of the present invention.

DETAILED DESCRIPTION OF THE INVENTION

Reference will now be made in detail to the presently preferred embodiments of the invention, examples of which are illustrated in the accompanying drawings.

According to one aspect of the present invention, a secure distributed structure may only be founded on a secure base. Likewise, a secure distributed structure may not be retrofitted to an insecure base such as a legacy architecture (whether in hardware or software). Furthermore, large networks of secure digital clients require such a foundation.

I. Architecture Features

The 3-prong security/reliability/real-time distributed architecture in accordance with the present invention may have one or more of the following features: (1) system solutions; (2) characterizability; (3) architectural independence of implementation means; (4) interdependence of functions; (5) security characterization; (6) quasi-stability; (7) buried nucleus; (8) adaptation; (9) reliability; (10) secure protocol; (11) ability to rebuild after intrusion; and (12) isochronous real-time foundation.

(1) System Solutions

Although the three functions (security, reliability, and real-time behavior) are susceptible to individual point solutions, these point solutions are distinctly sub-optimal from both an architectural and an economic point of view and fail to exploit the synergies of interdependence an architecture may provide.

According to the present invention, the triad of functional objectives (security, reliability, and real-time behavior) may be synergistic and may therefore best be achieved simultaneously in a 3-prong security/reliability/real-time distributed architecture, which unifies the means employed for each objective as the basis for cost-effective scalability. That is, rather than treating security, reliability, and real-time behavior as independent point problems or independent point solutions, the three areas may be treated as interrelated problems that share certain common underlying architectural features.

(2) Characterizability

Any instantiation of a 3-prong security/reliability/real-time distributed architecture of the present invention may be characterizable in each function domain (security, reliability, or real-time behavior).

The characterization of the present invention is extremely important and very fundamental because many point solutions in this phase which are available today are extremely difficult to characterize, forcing construction of over-built, inefficient, problematic, and over-provisioned solutions. One must apply more resources to solving the problem than required from a systems point of view.

(3) Architectural Independence of Implementation Means

According to a preferred embodiment of the present invention, the invariant architecture is independent from characterizable implementations. A fundamental characteristic of the 3-prong security/reliability/real-time distributed architecture of the present invention is that the architecture may be viewed independently of a particular instantiation or implementation. The architecture is invariant. That is, the particular functional characteristics of the architecture in terms of how the architecture actually provides security, how the architecture actually provides real-time behavior, and how the architecture actually provides reliability, are preferably fixed. However, the extent to which the architecture provides those characteristics in a particular instantiation or implementation may actually be characterized quantitatively. That is, while the architecture remains fixed, variants of the architecture may have very modest resource consumption or may be very powerful. In this way, the level of performance for the particular characterization may be scaled according to how the present invention is implemented.

The architecture of the present invention may apply to a distributed environment which is scalable both in the number of supported devices, e.g., from a couple of devices to literally billions of devices, and in behavior or performance. The distributed environment may be a very tiny device, such as a smart card, or may be a supercomputer mainframe. The architecture according to the present invention may address that entire scaling range, and may be suitable for a very small number of devices or for accommodating very large aggregates of devices with respect to the three fundamental problems of security, reliability and real-time behavior.

According to the present invention, with a fixed architecture, the architecture may be implemented in many ways. The architecture may be implemented entirely in hardware for some purposes, entirely in software for other purposes, or in a combination of hardware and software for yet other markets and allocation sets.

According to the present invention, the architecture itself may not require a hardware-only, a software-only, or a hardware/software implementation. The characterization of the delivery of security, reliability and real-time behavior in each of those settings may be different and may be characterized differently as a result of the choices made in implementation.

(4) Interdependence of Functions

The functions of security, reliability, and real-time behavior are interdependent within the architectural structure of the present invention.

(5) Security Characterization

According to the present invention, security may be characterized based on a formal cost/threat/risk model, where the cost is the cost of implementing a defense against an attack, the risk is the value of an asset that is under attack, and the threat is the level of investment that an attacker is willing to make. According to the present invention, there is really no such thing as an unbreakable system; instead, the concept of characterization is used to indicate that, in a three-dimensional space as shown in FIG. 1, one may characterize the efficacy of a solution in terms of cost, threat and risk.

As shown in FIG. 1, a particular instantiation of the 3-prong security/reliability/real-time distributed architecture of the present invention may occupy a position P within the cost/threat/risk space. Thus, for the particular instantiation corresponding to the position P, one is placing an asset with a z amount of value at risk, and one is willing to invest an x amount of cost in ensuring that the asset is protected, on the assumption that an attacker is not willing to invest more than a y amount of effort or dollars. All of these things (cost, threat, and risk) may, of course, be expressed in a dollar value.

It is noted that different instantiations of the 3-prong security/reliability/real-time distributed architecture of the present invention may occupy different positions of the cost/threat/risk space shown in FIG. 1. For example, if an instantiation is an ATM machine, the risk is great because the value of the asset under attack is great, so one would be willing to spend a lot on the protection, and one also has to assume an attacker would be willing to spend significantly on the attack. However, if all one is trying to protect is an e-mail for one particular day that has inconsequential content, then cost and risk would be low, and one may not really care if the data are infiltrated by a hacker. The security characterization will be more fully described with the DRM.

(6) Quasi-stability

The 3-prong security/reliability/real-time distributed architecture of the present invention may have quasi-stability. Cumulative attacks may be thwarted through immediate suspension of operation upon intrusion detection. The quasi-stability will be described in more detail with the DRM.

(7) Buried Nucleus

Some instantiations of the 3-prong security/reliability/real-time distributed architecture of the present invention may require “buried” hardware resources to achieve the instantiations' security characterization. The buried nucleus concept will be described in more detail with the DRM.

(8) Adaptation

The 3-prong security/reliability/real-time distributed architecture of the present invention may support adaptive responses to changing conditions either autonomously or under supervision of a remote trusted authority. The adaptation may include self-healing and self-sealing behaviors.

(9) Reliability

The adaptive responses of the 3-prong security/reliability/real-time distributed architecture of the present invention to failure modes preferably permit continued aggregate functioning of client populations containing failed members, especially in large populations with failed members.

(10) Secure Protocol

The 3-prong security/reliability/real-time distributed architecture of the present invention may require use of a demonstrably secure adaptive protocol operating peer-to-peer and/or via a trusted authority to manage the system environment and assure system integrity.

(11) Ability to Rebuild after Intrusion

The 3-prong security/reliability/real-time distributed architecture of the present invention may support re-establishment of a demonstrably secure environment in the face of detected intrusions.

(12) Isochronous Real-Time Foundation

According to a preferred embodiment of the present invention, real-time functions are predicated on multiple independently synthesizable isochronous paths in the 3-prong security/reliability/real-time distributed architecture.

It is understood that the foregoing-described features are exemplary only and are not intended to limit the scope of the present invention. Those of ordinary skill in the art will understand that other features may also be included in the architecture of the present invention without departing from the scope and spirit of the present invention.

II. Architecture for Digital Rights Management (DRM)

As described above, the 3-prong security/reliability/real-time distributed architecture of the present invention may be implemented entirely in hardware, entirely in software, or in a combination of hardware and software. An exemplary hardware/software instantiation of the architecture of the present invention is described as follows in the context of digital rights management.

(1) Architecture

DRM poses one of the greatest challenges for content communities in the digital age. Traditional rights management of physical materials benefited from the materials' physicality (as this provided some barrier to unauthorized exploitation of content). However, because of the ease with which digital files may be copied and transmitted, serious breaches of copyright law are not uncommon in a connected society. Thus, one aspect of DRM focuses on security and encryption as a means of preventing unauthorized copying. That is, DRM tries to lock the content (e.g., a movie on a DVD medium) and limit its distribution to only those paying through an authorization procedure. The level of security provided may be adjusted commensurate to content value.

Referring now to FIG. 2, a simplified block diagram of an exemplary hardware/software instantiation of a 3-prong security/reliability/real-time distributed architecture 200 in accordance with the present invention is shown. The architecture 200 may increase the security for DRM purposes. The architecture 200 includes a hardware/software system 202, and a trusted authority 206 that generates a secure protocol 204. The secure protocol 204 may control the operation of the hardware/software system 202.

The hardware/software system 202 preferably includes a microchip 208 and software 210. The microchip 208 preferably includes a buried nucleus (BN) 212 and an outer region 214. The outer region 214 is the area of the microchip 208 other than the BN 212 and includes all the I/O (input/output) pins and pads of the microchip 208. The I/O pins of the microchip 208 are connected to the external software 210, which manipulates or controls these I/O pins.

The BN 212 may include resource sets such as an LFSR (linear feedback shift register), a reconfigurable core, a programmable logic block, a non-volatile RAM (e.g., magnetoresistive RAM, ferroelectric RAM), a matrix multiplier, and the like. Those of ordinary skill in the art will appreciate that other resource sets may also be included in the BN 212 without departing from the scope and spirit of the present invention.

The hardware/software system 202 may operate under the control of the secure protocol (i.e., protected protocol or encrypted protocol) 204 so that the hardware/software system 202 is actually set up and programmed by someone operating remotely by means of the secure protocol 204. By means of the secure protocol 204, a group of authorization information such as actual processing codes, keys (e.g., passwords), permissions, metadata relating to the implementation of a DRM heuristic, and the like may be presented to the BN 212.

The trusted authority 206 may generate the secure protocol 204, which is preferably valid with respect to operations known to be supported by the BN 212. The trusted authority 206 may, for example, be a back-end server (which is assumed to be secure), a cell phone operator with a trusted command (and control) center, an encrypted medium (which is assumed to be unique and uniquely in the possession of an authorized user of this particular instantiation of the architecture), or the like. The trusted authority 206 delivers the group of authorization information through the secure protocol 204 into the BN 212. The trusted authority 206 may be in a vault. The trusted authority 206 may be operated according to some encryption or security measures.

One fundamental task of the BN 212 is to accept a key delivered through the secure protocol 204. The key may be presented in an encrypted form. Those of ordinary skill in the art will understand that various encryption, decryption and data-protection mechanisms may be utilized during the process of presenting and delivering the key. For example, digital watermarking, fast elliptical algorithms, Triple DES (also 3DES), and other contemporary algorithms may be utilized. In a preferred embodiment, the Rijndael algorithm is utilized.

The group of authorization information may be conveyed securely through the protocol 204 into the BN 212, which then operates and returns a result. The result may be used to activate an operation (e.g., playing a DVD medium) being authorized by means of an interaction between the secure protocol 204 and the BN 212. A critical aspect of this architecture 200 is the interaction that is set up between the trusted authority 206 and the BN 212 itself, and the activity that is set in motion by conveying the key and the relevant information through the secure protocol 204 into the BN 212.

According to the present invention, the BN 212 is unavailable to inspection by an attacker (e.g., a hacker) when the BN 212 is in operation. That is, although an attacker may grind the BN 212 down, photolithograph (or photomicrograph) the circuitry of the BN 212 at each level, and view the BN 212 in a static plan, the attacker is not able to inspect the BN 212 when the BN 212 is in operation.

Thus, even if an attacker, in principle, is able to inspect the secure protocol 204, inspect the software 210, inspect the process of the key and relevant information being presented by the software 210 to the microchip 208, and even potentially inspect the outer region 214 (i.e., all of the signals, all of the gates, all of the circuitry including the signal lines between the BN 212 and the outer region 214, and the like, in the outer region 214), once the key and relevant information are presented to the BN 212, the attacker no longer has access. Therefore, all of the operations carried out by resource sets interior to the BN 212 are inaccessible to an attacker.

Since the key is deciphered inside the BN 212, and since the BN 212 is not accessible for inspection by an attacker when the BN 212 is in operation, the architecture 200 may thus defeat the attacker's attempt to gain access to protected content.

(2) Grid Dribble Attack

FIG. 3 shows a derivative approach (grid dribble attack) to violating copyright on a digital medium. This form of attack is preferred by many hackers. A DVD 302 may contain an encrypted copy of content (e.g., a movie, or the like). The DVD 302 is submitted over the Internet to a grid of computers 304. These computers 304 may be authorized users and have keys to decipher the encrypted content stored on the DVD 302. When these computers 304 apply decryption techniques to the encrypted movie on the DVD 302, correlated deciphered bits 306 of the movie may dribble out, bit by bit. It may take some time (e.g., six months) for the several hundreds of billions of bits that make up the target content to dribble out. However, once this happens, a perfect digital copy of the copyrighted content may then be presented on the Internet for unauthorized copying. Because there is no DRM system to ensure against this grid dribble attack, which takes part in the encryption mechanism bit by bit and dribbles out the results, content creators are extremely reluctant to make digital content available for general distribution.

FIG. 4 is a flowchart illustrating an exemplary process 400 for protecting against a grid dribble attack in accordance with the present invention. The process 400 may be implemented in the architecture 200 shown in FIG. 2.

The process 400 starts with a step 402 in which a BN is set in a quasi-stable mode (knife-edge stability). Among the resources the architecture may make available are timer banks (essential for delivering quality of service, e.g., high-quality digital video and audio). These timer banks are programmable. According to the present invention, the timer banks are set up in such a way that they may be presented with a bit string providing the timer banks with a certain pseudorandom temporal variability called a form jitter. Strictly speaking, the form jitter is not a jitter in the engineering sense, but is a kind of pseudorandom variability that is knowable if one knows the bit string presented to the BN, which, in turn, is applied to the timer banks to set up their operation. Therefore, these timer banks are almost exactly right, but not exactly right.

According to the present invention, the bit string may be set up by one of the keys delivered by a secure protocol. Thus, in setting up a quasi-stable operation within the BN, one piece of information conveyed is preferably a key (for example, in a public key cryptosystem or a variant of a well-known public key cryptosystem). The key, instead of being applied to a difficult NP-hard problem (e.g., factoring very large prime numbers), is employed in conjunction with other keys in the creation of the quasi-stable BN mode of operation.

The quasi-stable mode of operation (step 402) means that the architecture is jittering ever so slightly and has an ability to compare its operation to the operation that would be dictated by one and only one such secret key presented to the timer banks. Such an ability provides a means for intrusion detection.

Next, in step 404, if, in the event of an attempt to invade the architecture, the clocking of some operations inside the BN deviates (even if slightly) from the unpredictable but nevertheless well-known pattern of temporal behavior that is dictated by the key presented by the secure protocol, a mechanism may be triggered to stop the clock from running and cease the operation of the BN. In other words, upon the detection of an intrusion, because the timing regime that has been set up is violated ever so slightly, the architecture basically stops working. This does not necessarily mean that the architecture as a whole ceases operation in the event of a detected intrusion, because the architecture may start a re-buildup process (see step 406 below).

Next, in step 406, in the event of a detected intrusion, the secure protocol, which is generated by the trusted authority, begins a process of re-establishing, through challenge and response, the buildup in a tiered hierarchical manner of a secure environment within the BN. If the attacker attempts to replicate this buildup, the attacker may only do so by having knowledge of the random characteristics of the secure protocol.

Thus, the architecture of the present invention is assailable only if both the BN and the trusted authority are compromised. Under extraordinary circumstances, such a thing may happen (as shown in FIG. 1, any architecture is theoretically breakable). In other words, hackers, burglars, thieves, or other unauthorized personnel may gain access to the trusted authority and one or more instances of the architecture under some extraordinary circumstances. When this happens, the clock is stopped and the attack effort is entirely reset to zero. That is, the validity of any element that might have eventuated from such an attack is completely nullified by the act of stopping the clock at this point. Therefore, intrusion, no matter how powerful the computational resources supplied to the intrusion, has the effect of resetting the effort involved to zero.
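A constructed simulation of steps 402 through 406, added here as an illustration (it is not the patent's code, and the patent specifies no primitives): a key-seeded LFSR supplies the timer banks' form jitter, the BN halts and zeroes its session on the first off-pattern interval, and only an authority holding the shared provisioning secret can rebuild it through tiered challenge and response. The LFSR polynomial, the nominal period, the jitter range, and the use of SHA-256/HMAC for the challenge-response and session-key derivation are all assumptions.

```python
import hashlib
import hmac
import secrets
from dataclasses import dataclass

# Constructed constants: the patent names an LFSR and timer banks as BN
# resources but fixes no polynomial, period or jitter range.
LFSR_TAPS = (16, 14, 13, 11)   # x^16 + x^14 + x^13 + x^11 + 1, Fibonacci form
NOMINAL_PERIOD = 100           # ticks between timer-bank events before jitter
MAX_JITTER = 3                 # form jitter is at most a few ticks

def lfsr_stream(seed: int, n: int, width: int = 16) -> list:
    """Output bits of the keyed LFSR; the seed is the key-derived bit string."""
    mask = (1 << width) - 1
    state = (seed & mask) or 1   # an all-zero state would never advance
    out = []
    for _ in range(n):
        fb = 0
        for t in LFSR_TAPS:
            fb ^= (state >> (width - t)) & 1
        out.append(state & 1)
        state = (state >> 1) | (fb << (width - 1))
    return out

def form_jitter(key: bytes, n: int) -> list:
    """Per-event offsets the timer banks must show: pseudorandom, yet fully
    predictable to whoever holds the key (the patent's 'form jitter')."""
    seed = int.from_bytes(hashlib.sha256(key).digest()[:2], "big")
    b = lfsr_stream(seed, 2 * n)
    return [((b[2 * i] << 1) | b[2 * i + 1]) % (MAX_JITTER + 1) for i in range(n)]

def genuine_intervals(key: bytes, n: int) -> list:
    """Intervals a correctly keyed timer bank produces."""
    return [NOMINAL_PERIOD + j for j in form_jitter(key, n)]

@dataclass
class BuriedNucleus:
    provisioning_secret: bytes   # shared with the trusted authority (assumed)
    session_key: bytes = b""
    running: bool = False
    position: int = 0
    released_bits: int = 0       # result bits released in the current session

    def set_quasi_stable(self, key: bytes) -> None:
        """Step 402: key the timer banks and enter the knife-edge regime."""
        self.session_key, self.running, self.position = key, True, 0

    def observe_interval(self, interval: int) -> bool:
        """Step 404: any deviation from the key-dictated pattern stops the clock."""
        if not self.running:
            return False
        if interval != genuine_intervals(self.session_key, self.position + 1)[-1]:
            self.running = False         # stop the clock
            self.released_bits = 0       # the patent's reset-to-zero
            return False
        self.position += 1
        self.released_bits += 1          # one deciphered result bit per good tick
        return True

    def respond(self, challenge: bytes) -> bytes:
        """Challenge answer; HMAC stands in for the unspecified primitive."""
        return hmac.new(self.provisioning_secret, challenge, hashlib.sha256).digest()

class TrustedAuthority:
    def __init__(self, provisioning_secret: bytes, tiers: int = 3):
        self.secret, self.tiers = provisioning_secret, tiers

    def rebuild(self, bn: BuriedNucleus, responder) -> bool:
        """Step 406: tiered challenge/response; a fresh session key is installed
        only if every tier verifies, so nobody without the secret can replicate it."""
        transcript = b""
        for _ in range(self.tiers):
            challenge = secrets.token_bytes(16)
            expected = hmac.new(self.secret, challenge, hashlib.sha256).digest()
            if not hmac.compare_digest(responder(challenge), expected):
                return False
            transcript += challenge
        new_key = hmac.new(self.secret, b"session" + transcript, hashlib.sha256).digest()
        bn.set_quasi_stable(new_key)
        return True

def run_scenario() -> dict:
    """Honest ticks pass; one off-pattern tick halts and zeroes the session;
    only the genuine authority can rebuild and resume."""
    secret = b"constructed provisioning secret"
    bn, ta = BuriedNucleus(secret), TrustedAuthority(secret)
    bn.set_quasi_stable(b"constructed initial session key")
    r = {}
    r["honest_ticks"] = all(map(bn.observe_interval, genuine_intervals(bn.session_key, 8)))
    r["bits_released"] = bn.released_bits
    r["deviant_tick_halts"] = not bn.observe_interval(NOMINAL_PERIOD + MAX_JITTER + 1)
    r["running_after_halt"], r["bits_after_halt"] = bn.running, bn.released_bits
    old_key = bn.session_key
    r["unkeyed_rebuild"] = TrustedAuthority(b"wrong secret").rebuild(bn, bn.respond)
    r["genuine_rebuild"] = ta.rebuild(bn, bn.respond)
    r["fresh_key"] = bn.session_key != old_key
    r["resumed"] = all(map(bn.observe_interval, genuine_intervals(bn.session_key, 4)))
    return r

if __name__ == "__main__":
    print(run_scenario())
```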

It is understood that there are thermodynamic principles that may permit an attacker, given sufficient determination, to override even this process 400. However, the reset-to-zero requirement and the proof against dribbling out bits in a concerted grid attack are more than ample to meet the needs of the great bulk of DRM requirements content creators have raised.

It is noted that although the architecture 200 shown in FIG. 2 and the process 400 shown in FIG. 4 are directed to the problem of DRM, they may also be applied to ATMs, other secured communications, TEMPEST requirements, or the like without departing from the scope and spirit of the present invention.

It is understood that the reliability aspect and the real-time behavior aspect relate to the “knife-edge stability” described in the process 400 shown in FIG. 4. Those of ordinary skill in the art will appreciate that security, reliability, and real-time behavior are intimately interrelated in terms of how the resources are specified. In the architecture of the present invention, this interrelationship is exploited to create a very efficient architecture delivering the characterizable functions of the present invention.

It is to be noted that the above described embodiments according to the present invention may be conveniently implemented using conventional general purpose digital computers programmed according to the teachings of the present specification, as will be apparent to those skilled in the computer art. Appropriate software coding may readily be prepared by skilled programmers based on the teachings of the present disclosure, as will be apparent to those skilled in the software art.

It is to be understood that the present invention may be conveniently implemented in the form of a software package. Such a software package may be a computer program product which employs a storage medium including stored computer code which is used to program a computer to perform the disclosed function and process of the present invention. The storage medium may include, but is not limited to, any type of conventional floppy disks, optical disks, CD-ROMs, magneto-optical disks, ROMs, RAMs, EPROMs, EEPROMs, magnetic or optical cards, or any other suitable media for storing electronic instructions.

It is understood that the specific order or hierarchy of steps in the processes disclosed is an example of exemplary approaches. Based upon design preferences, it is understood that the specific order or hierarchy of steps in the processes may be rearranged while remaining within the scope of the present invention. The accompanying method claims present elements of the various steps in a sample order, and are not meant to be limited to the specific order or hierarchy presented.

It is believed that the present invention and many of its attendant advantages will be understood by the foregoing description. It is also believed that it will be apparent that various changes may be made in the form, construction and arrangement of the components thereof without departing from the scope and spirit of the invention or without sacrificing all of its material advantages. The form hereinbefore described being merely an explanatory embodiment thereof, it is the intention of the following claims to encompass and include such changes.

1. A distributed architecture of an information handling system, comprising: a buried nucleus inaccessible for inspection while said buried nucleus is in operation, said buried nucleus including at least one matrix multiplier; and a trusted authority, said trusted authority being in a vault and being configured for being operated according to at least one of: encryption measures and security measures, said trusted authority configured for generating a secure protocol, said secure protocol controlling operation of said buried nucleus, wherein authorization information is securely conveyed into the buried nucleus via the secure protocol, thereby causing the buried nucleus to operate and return a result, the result utilizable for activating an authorized operation, the authorization information being processed by the buried nucleus when the buried nucleus is in operation, thereby making said authorization information and information relating to processing of said authorization information inaccessible for inspection once said authorization information is conveyed to the buried nucleus, wherein all operations carried out by resource sets operating in an interior of the buried nucleus are inaccessible for inspection, said operations including deciphering of a key provided to the buried nucleus via the secure protocol, wherein operation of the buried nucleus is automatically suspended upon detection of an intrusion, rebuilding of a secure environment within the buried nucleus occurs after said detected intrusion, and resetting of a clock of the architecture to zero occurs when replication by an attacker of said rebuilding occurs.

2. The distributed architecture of claim 1, wherein said buried nucleus includes at least one LFSR (linear feedback shift register).

3. The distributed architecture of claim 1, wherein said buried nucleus includes at least one reconfigurable core.

4. The distributed architecture of claim 1, wherein said buried nucleus includes at least one programmable logic block.

5. The distributed architecture of claim 1, wherein said buried nucleus includes at least one non-volatile RAM.

6. The distributed architecture of claim 1, wherein said trusted authority is a back-end secure server.

7. The distributed architecture of claim 1, wherein said trusted authority is a cell phone operator with a trusted command and control center.

8. The distributed architecture of claim 1, wherein said trusted authority is an encrypted medium.

9. A distributed architecture of an information handling system, comprising: (a) a sub-system, comprising: a microchip including an outer region having I/O pins and a buried nucleus inaccessible for inspection when said buried nucleus is in operation, said buried nucleus including at least one matrix multiplier; and external software connected to said I/O pins for controlling said I/O pins; (b) a trusted authority, said trusted authority being in a vault and being configured for being operated according to at least one of: encryption measures and security measures, said trusted authority configured for generating a secure protocol, said secure protocol controlling operation of said sub-system, (c) wherein said buried nucleus is configured for accepting and deciphering an encrypted key delivered through said secure protocol, (d) wherein said encrypted key is securely conveyed into the buried nucleus via the secure protocol, thereby causing the buried nucleus to operate and return a result, the result utilizable for activating an authorized operation, the encrypted key being deciphered within the buried nucleus when the buried nucleus is in operation, thereby making the deciphering operation inaccessible for inspection, said operations including deciphering of a key provided to the buried nucleus via the secure protocol, wherein operation of the buried nucleus is automatically suspended upon detection of an intrusion, rebuilding of a secure environment within the buried nucleus occurs after said detected intrusion, and resetting of a clock of the architecture to zero occurs when replication by an attacker of said rebuilding occurs.

10. The distributed architecture of claim 9, wherein said buried nucleus includes at least one LFSR (linear feedback shift register).

11. The distributed architecture of claim 9, wherein said buried nucleus includes at least one reconfigurable core.

12. The distributed architecture of claim 9, wherein said buried nucleus includes at least one programmable logic block.

13. The distributed architecture of claim 9, wherein said buried nucleus includes at least one non-volatile RAM.

14. The distributed architecture of claim 9, wherein said encrypted key is encrypted with digital watermarking.

15. The distributed architecture of claim 9, wherein said encrypted key is encrypted with a fast elliptical algorithm.

16. The distributed architecture of claim 9, wherein said encrypted key is encrypted with Triple DES.

17. The distributed architecture of claim 9, wherein said encrypted key is encrypted with a Rijndael algorithm.

18. The distributed architecture of claim 9, wherein said trusted authority is a back-end secure server.

19. The distributed architecture of claim 9, wherein said trusted authority is a cell phone operator with a trusted command and control center.

20. The distributed architecture of claim 9, wherein said trusted authority is an encrypted medium.